Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

SSL with 2 folders


Guest

Recommended Posts

Hi

 

Ive got 1 of these host with 2 folders nonsecure, httpdocs and secure, httpsdocs.

 

I installed oscommerce: No problems

Installed a new template: No problems

Installed a couple of contributions: No problems

Loaded Product: No problems

 

Whole site is now working fine but unsecure.

 

Now I copy everything to the secure folder and change the settings in config.php

 

everything still work fine on the unsecure site but when click checkout or go to secure admin I get the following error

 

Warning: session_save_path(): open_basedir restriction in effect. File(/home/httpd/vhosts/mysite.co.nz/httpdocs/tmp) is not within the allowed path(s): (/home/httpd/vhosts/mysite.co.nz/httpsdocs:/tmp) in /home/httpd/vhosts/mysite.co.nz/httpsdocs/admin/includes/functions/sessions.php

 

a couple of similar errprs then under that the site seems to work fine

 

I tried this change 'STORE_SESSIONS', 'mysql'

 

No change

 

So I changed sesson directory from /home/httpd/vhosts/filtersource.co.nz/httpdocs/tmp

to /home/httpd/vhosts/filtersource.co.nz/httpsdocs/tmp

 

Now the secure side works with no errors but the unsecure side has the errors

 

I dont really want the whole site to have to run secure.

 

is there a way to satisfy boths sides?

 

and If I purchase a ssl cert on this host will I still have 2 folders but No POPUP?

 

Ive heard other people say change hosts, :-( but surely other hosts use this method of security.

 

Thanks in advance for any help

 

other info:

osCommerce 2.2-MS2

Server Host: linuxplesk1.openhost.net.nz (127.0.0.1) Database Host: localhost (127.0.0.1)

Server OS: Linux 2.4.20-021stab028.17.777-smp Database: MySQL 4.1.14

Server Date: 11/29/2005 12:26:32 Datebase Date: 11/29/2005 12:26:32

 

HTTP Server: Apache/2.0.46 (CentOS)

PHP Version: 4.4.0 (Zend: 1.3.0)

Link to comment
Share on other sites

Hi

 

Ive got 1 of these host with 2 folders nonsecure, httpdocs and secure, httpsdocs.

 

I installed oscommerce: No problems

Installed a new template: No problems

Installed a couple of contributions: No problems

Loaded Product: No problems

 

Whole site is now working fine but unsecure.

 

Now I copy everything to the secure folder and change the settings in config.php

 

everything still work fine on the unsecure site but when click checkout or go to secure admin I get the following error

 

Warning: session_save_path(): open_basedir restriction in effect. File(/home/httpd/vhosts/mysite.co.nz/httpdocs/tmp) is not within the allowed path(s): (/home/httpd/vhosts/mysite.co.nz/httpsdocs:/tmp) in /home/httpd/vhosts/mysite.co.nz/httpsdocs/admin/includes/functions/sessions.php

 

a couple of similar errprs then under that the site seems to work fine

 

I tried this change 'STORE_SESSIONS', 'mysql'

 

No change

 

So I changed sesson directory from /home/httpd/vhosts/filtersource.co.nz/httpdocs/tmp

to /home/httpd/vhosts/filtersource.co.nz/httpsdocs/tmp

 

Now the secure side works with no errors but the unsecure side has the errors

 

I dont really want the whole site to have to run secure.

 

is there a way to satisfy boths sides?

 

and If I purchase a ssl cert on this host will I still have 2 folders but No POPUP?

 

Ive heard other people say change hosts, :-( but surely other hosts use this method of security.

 

Thanks in advance for any help

 

other info:

osCommerce 2.2-MS2

Server Host: linuxplesk1.openhost.net.nz (127.0.0.1) Database Host: localhost (127.0.0.1)

Server OS: Linux 2.4.20-021stab028.17.777-smp Database: MySQL 4.1.14

Server Date: 11/29/2005 12:26:32 Datebase Date: 11/29/2005 12:26:32

 

HTTP Server: Apache/2.0.46 (CentOS)

PHP Version: 4.4.0 (Zend: 1.3.0)

 

 

Hi mate had a similar problem for a client of mine that i think i may just have fixed.

[/b]

In your config.php (both on secure server and non-secure)

Try the following.

 

define('HTTP_SERVER', 'http://www.yourname.co.nz'); // eg, http://localhost - should not be empty for productive servers

define('HTTPS_SERVER', 'https://www.yoursafehost.co.nz/path to your secure folder'); // eg, https://localhost - should not be empty for productive servers

define('ENABLE_SSL', on); // secure webserver for checkout procedure?

define('HTTP_COOKIE_DOMAIN', 'yourdomain.co.nz');

define('HTTPS_COOKIE_DOMAIN', ''); // LEAVE THIS EMPTY

define('HTTP_COOKIE_PATH', '/path to your normal folders/catalog/');

define('HTTPS_COOKIE_PATH', ''); // LEAVE THIS EMPTY

define('DIR_WS_HTTP_CATALOG', '/catalog/');

define('DIR_WS_HTTPS_CATALOG', '/catalog/');

 

Note all the entry's and their slashes (//)

this is very important, for the paths to work.

 

Also Leave 'STORE_SESSIONS', 'mysql' as is.

 

The problem lies with your cookies storage paths ( i think)

Look try that out, and post back.

My client uses a shared ssl in NZ aswell, and this looks like a very similar setup.

 

Cheers

Link to comment
Share on other sites

Hi GoVeGeTa

 

Thanks for your reply

 

sorry it didn't work, gave me more errors and page under errors stop working.

 

It just seems to be sessions tmp folder, My guess is because the secure and unsecure folders are separate folders it cant see one from the other. "I can get either the secure site OR the unsecure site to work just not both together

 

Heres what my host had to say:

With a static IP addres we can link both http and https to your single httpdocs/ folder. Static IP's are are an extra monthly fee

 

Although Im sure there must be a way to get this to work as others like "GoVeGeTa" seem to have done it, But i'm running out of time so a static IP may be the way to go.

 

What do you guys think? any other suggestions?

 

Regards Khtz

Link to comment
Share on other sites

Although Im sure there must be a way to get this to work as others like "GoVeGeTa" seem to have done it, But i'm running out of time so a static IP may be the way to go.

 

What do you guys think? any other suggestions?

 

Regards Khtz

If you want to upgrade to dedicated ssl later you'll need the static IP anyway. How much do they want for it?

Local: Mac OS X 10.5.8 - Apache 2.2/php 5.3.0/MySQL 5.4.10 • Web Servers: Linux

Tools: BBEdit, Coda, Versions (Subversion), Sequel Pro (db management)

Link to comment
Share on other sites

ask about a symlink

 

is symlink still using the 2 folder system? if its what it sounds like it is. I would have thought it would be setup when ever there are 2 folders installed.

 

 

How much do they want for it?

 

 

NZD$2.50 a month for static IP

 

money not really the issue just like to know if I can get it to work first.

 

But it sounds like static ip and single folder is the better way to go, even if I can get it to work with the 2 folder system.

 

ill look into the symlink

 

Thanks again

Link to comment
Share on other sites

is symlink still using the 2 folder system? if its what it sounds like it is. I would have thought it would be setup when ever there are 2 folders installed.

NZD$2.50 a month for static IP

 

money not really the issue just like to know if I can get it to work first.

 

But it sounds like static ip and single folder is the better way to go, even if I can get it to work with the 2 folder system.

 

ill look into the symlink

 

Thanks again

 

 

 

Hey khtz,

 

can you post both your config files (includes/config.php ---admin/includes/config.php)

will get a better feel for the problem if you provide a bit more info.

Sorry my solution didn't work for you, but like you this problem has been going on for a while.

It was to the point where i just wouldn't enable SSL but byers need to feel secure when purchasing

items over the internet.

Yeah if you can just post your config files so we all can have a look at it for you.

 

Cheers mate

Link to comment
Share on other sites

Hi

 

Dont know if its a cop out or not. but I upgraded to static IP and it worked straight away site was down for 10 mins while dns updated.

 

plus had to upgrade to static IP so I can go from a shared to dedicated ssl (to stop warning popup)

 

Thanks for your help

 

got any question just ask:-)

Link to comment
Share on other sites

Hi

 

Dont know if its a cop out or not. but I upgraded to static IP and it worked straight away site was down for 10 mins while dns updated.

Why would that be a cop out? It's better and you'll save yourself a ton of needless work. If you figure that your time is worth more than $2.50 a month it's a good deal. Plus as you say, you're ready for dedicated ssl when you want it.

Local: Mac OS X 10.5.8 - Apache 2.2/php 5.3.0/MySQL 5.4.10 • Web Servers: Linux

Tools: BBEdit, Coda, Versions (Subversion), Sequel Pro (db management)

Link to comment
Share on other sites

Hi

 

Dont know if its a cop out or not. but I upgraded to static IP and it worked straight away site was down for 10 mins while dns updated.

 

plus had to upgrade to static IP so I can go from a shared to dedicated ssl (to stop warning popup)

 

Thanks for your help

 

got any question just ask:-)

 

 

Nah

nothing wrong with that.

$2.50 a month is a good deal.

Over here in Oz, they want 15.00 - 25.00 a month for static.

Then 300.00 - 500.00 for SSL Cert.

 

Regards

 

Hamu

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...